Author
Topic: incoming voip calls [BT UK]SOLVED (Read 14764 times)

Hi all,I've set up a sipgate voip account thro' wizard in web admin, and checked the settings against the wiki.

Can call out from direct dial, but cannot dial in , or rather there's no indication a call is coming in.Have opened udp5060-5080 in firewall, enabled the soft phones in freepbx, without success.

Freepbx is showing following errors

1-COULD NOT RELOAD FOP SERVER

Could not reload the FOP operator panel server using the bounce_op.sh script. Configuration changes may not be reflected in the panel display.Added 11 minutes ago(freepbx.reload_fop)

2-FAILED TO COPY FROM MODULE AGI-BINcopy(/usr/share/asterisk/agi-bin/recordingcheck): failed to open stream: Permission deniedcopy(/usr/share/asterisk/agi-bin/fixlocalprefix): failed to open stream: Permission deniedcopy(/usr/share/asterisk/agi-bin/dialparties.agi): failed to open stream: Permission deniedcopy(/usr/share/asterisk/agi-bin/list-item-remove.php): failed to open stream: Permission deniedcopy(/usr/share/asterisk/agi-bin/checksound.agi): failed to open stream: Permission deniedcopy(/usr/share/asterisk/agi-bin/directory): failed to open stream: Permission deniedcopy(/usr/share/asterisk/agi-bin/enumlookup.agi): failed to open stream: Permission denied

Outbound only is a common problem that usually indicates that you have not set up your network correctly for SIP. The other one is a call is placed but no sound. The actual SIP protocol is relatively easy to map through - but SIP is only signalling and just initiates the call, there is no voice traffic passed through it. The voice traffic is passed on a completely separate session set up by the SIP connection. Problem is, the source and destination ports are pretty much random. So unless your core is actually exposed on the Internet with a public IP address (many do just that, it is perfectly safe), then your broadband router is not going to pass these voice connections through. One way that is often recommended is to setup the config to allow ports 10000-20000 to be used, and then port forward all of these on your router through to your core. Its a brute force approach that sounds dangerous but in fact it isn't really, esp if you have no other devices on your "external" network (which you shouldn't by the way!)

"no other devices on your "external" network (which you shouldn't by the way!)"..........why?

my windoze lappy is on external (so it has no interaction with lmce & can connect to printer, so is my daughter's lappy, and son's gaming box ,for same reasons), and has no problem, with exactly the same voip setup and no extra ports opened on b/band router: which is what led me to believe it was a config problem, either on the inbound route or the user/embedded phone setup, on the core.

"So unless your core is actually exposed on the Internet with a public IP address"......how?,

I think those messages and the one on FOP are normal (I remember getting them, anyway!) so red herring...

I haven't responded because its a while since I did this and I am by no means an expert. You would be far better to entice a response from Zaerc, as he is. Maybe get onto the IRC channel and chat to him, he is only 1 hour ahead (CET), so it should be easy for you.

From me, if you are still having the issue with being able to place calls but not receive them, then that is definitely a networking issue. SIP and the media channels do NOT like NATs. This is a very common issue for the reasons I explained. The far end initiates a call through SIP (which you have correctly NAT'd to your core), so both ends are expecting a call setup. But the far end actually initiates the media channel, and it does so by selecting an ephemeral/tcphigh (random, free, > port 1024) port number at its end and the ephemeral port given to it by your core, during the SIP session, as the destination port. Of course, the VoIP server on your core is now expecting an inbound media connection on that port, but your broadband router knows nothing about it!! So the session ACKs will come in to your router's external IP address on this port and the router will think "so what? Drop!" This is why it is messy. There is no easy way to tell the router to expect this connection and NAT it. There are lots of different ways to achieve it, but I will give you the simplest and dirtiest.

So long story short: You will need to do a little research for this stuff. There is an Asterisk config file somewhere on your system where you can specify the maximum range of ports that SIP is allowed to choose the near-end ephemeral port from. By default the kernel will choose a new port between 1024-65535, you can then limit this. The suggested range is 10,000-20,000 from memory, and I suspect that this might actually be already set in that file by default in 0710. If not, set it.

Then setup a NAT/virtual server/PAT (whatever your broadband router calls it) to address translate any inbound connections on ports 10,000-20,000, to your core on the same port (ie, it will translate the IP address and leave the port number intact). This will get the connections through.

There is just one more option that I recall. Again, somewhere on your Asterisk a config file dictates how part of the SIP negotiation is done. This basically means that when your server talks to a remote SIP server, it will tell that SIP server either "use this IP address for me" or "read my IP address from the session". This is important, because if your SIP server uses the former option, it will be telling the remote SIP server to connect to it using your core's external IP address, which is almost certainly a non-public IP address such as 192.168.1.5, for instance. Thus the remote server will not be able to connect. You need to use the latter option (if this isn't the default, can't remember) as this will tell the remote SIP server, when initiating the media channel, to use the source address in the SIP packets as the destination address for the media channel(s). When the SIP packets leave your core, then will of course have your non-public IP address still. However, once they pass through your broadband router and get NAT'd, they will get your correct public IP address. This is the one that the remote SIP server will read and use to connect back to you the media channel.

Naturally, all of this is vastly easier if you have a static IP address from your ISP. If not, there are other options to make dynamic IPs more stable, but I will only dredge up that memory if you indeed have that issue.

...I haven't responded because its a while since I did this and I am by no means an expert. You would be far better to entice a response from Zaerc, as he is. Maybe get onto the IRC channel and chat to him, he is only 1 hour ahead (CET), so it should be easy for you....

If I knew I would have pitched in already, and I'm by no means an expert on asterisk/freepbx, barely managed to get my own telecom going.

I think you're right about the messages being red herrings, from what I've read searching freepbx/ asterix etc forums...

ERRR, would it be easier to asssign the core to a dmz on the modem/ router,and forward the ports on the core, rather than map thro' the core and then the router.

QUOTE from bthomehub help file

"On this page you can assign the public IP address of your internet connection to a specific device on your local network. A DMZ (DeMilitarized Zone) host is a computer on your network that can be accessed from the internet regardless of Network Address Translation (NAT), port forwarding and firewall settings of the Hub.Warning Setting up a DMZ has serious impact on your Hub and you should only setup a DMZ if you understand the consequences:

* The BT Broadband Talk service will stop working until you disable the DMZ * Your Hub will no longer receive automatic upgrades * The device assigned to the DMZ will no longer be protected by the Hub's firewall * Any dynamic DNS services you might have setup will stop working * You will not be able to join the BT FON Wi-Fi Community

You might want to setup a DMZ if:

* You do not want to use the Network Address Translation engine of your BT Home Hub * This device is running server applications (Web server,...) and you want it to be accessible from the internet. You can also achieve this by creating a port mapping for the specified server, as described in Game & Application Sharing * This device has to be considered as the unique access point to your local network (DMZ).'

Am I right in thinking that the windoze laptops , on the 'external' net would then, a) be completely out of the equation and, b) still be protected by the routers firewall ?

I think you're right about the messages being red herrings, from what I've read searching freepbx/ asterix etc forums...

ERRR, would it be easier to asssign the core to a dmz on the modem/ router,and forward the ports on the core, rather than map thro' the core and then the router.

QUOTE from bthomehub help file

"On this page you can assign the public IP address of your internet connection to a specific device on your local network. A DMZ (DeMilitarized Zone) host is a computer on your network that can be accessed from the internet regardless of Network Address Translation (NAT), port forwarding and firewall settings of the Hub.Warning Setting up a DMZ has serious impact on your Hub and you should only setup a DMZ if you understand the consequences:

* The BT Broadband Talk service will stop working until you disable the DMZ * Your Hub will no longer receive automatic upgrades * The device assigned to the DMZ will no longer be protected by the Hub's firewall * Any dynamic DNS services you might have setup will stop working * You will not be able to join the BT FON Wi-Fi Community

You might want to setup a DMZ if:

* You do not want to use the Network Address Translation engine of your BT Home Hub * This device is running server applications (Web server,...) and you want it to be accessible from the internet. You can also achieve this by creating a port mapping for the specified server, as described in Game & Application Sharing * This device has to be considered as the unique access point to your local network (DMZ).'

Am I right in thinking that the windoze laptops , on the 'external' net would then, a) be completely out of the equation and, b) still be protected by the routers firewall ?

thanks for your patience,regards,Ian

Didn't read all of the quote as it appears very specific. However, yes if you can set it up using your bb router's DMZ function so that the core's external interface shadows your public IP address, then that would negate the need to NAT, as the Asterisk interface is public (like using a broadband bridge instead of router). I suspect, though, you will still need either to tell the bb router which ports to map to that DMZ, or which ports not to map there, otherwise all the inbound connections will end up at the core. Which, whilst completely safe as the core has a firewall, may not be exactly what you want...

We use Sipgate as the VOIP provider in our installations so hopefully the following suggestion will help you.

From Freepbx goto "Inbound Routes". Click on your Sipgate entry. The DID no. will probably reflect the local number provided to you by Sipgate. Change this to your 7-digit account no. Click submit and then apply the changes.